Troubleshooting ConfigMgr 2012 software update synchronization issues

Helps you diagnose and resolve issues with software update synchronization for System Center 2012 Configuration Manager.

Who is it for?

Admins of System Center 2012 Configuration Manager who help resolve issues with software update synchronization.

How does it work?

We’ll begin by asking if the prerequisites for software update synchronization are met. If the prerequisites are met and you’re still facing the issue, we’ll take you through a series of steps to resolve your issue.

Estimated time of completion:

15-30 minutes.

1

Verify the Prerequisites

The first step in troubleshooting synchronization issues is to verify that the following prerequisites are met:

If using WSUS 3.0 SP2, KB2734608 must be installed on the WSUS server. You can verify this by looking at the server version. To do this, launch the WSUS console and click on the server name. You will find the server version under Overview -> Connection -> Server Version. Make sure the version is 3.2.7600.256 or later.

When the Software Update Point is installed on a remote site system server, the WSUS Administration console must be installed on the site server. If using WSUS 3.0 SP2, KB2734608 needs to be installed on the WSUS Administration console as well.

After installing KB2734608 (remote or local), a reboot is required. Reboot the server and verify whether the issue still exists.

Verify that WSUS running on a Software Update Point is not configured to be a Replica. To check this, open the WSUS console on the Software Update Point and click Options in the console tree pane, then select Update Source and Proxy Server in the display pane.

Verify that the Update Services service is running on the WSUS server.

Verify that the Default Website or WSUS Administration website is running on the WSUS server.

Did this solve your problem?

Yes

No

0

Verify the Prerequisites

The first step in troubleshooting synchronization issues is to verify that the following prerequisites are met:

If using WSUS 3.0 SP2, KB2734608 must be installed on the WSUS server. You can verify this by looking at the server version. To do this, launch the WSUS console and click on the server name. You will find the server version under Overview -> Connection -> Server Version. Make sure the version is 3.2.7600.256 or later.

When the Software Update Point is installed on a remote site system server, the WSUS Administration console must be installed on the site server. If using WSUS 3.0 SP2, KB2734608 needs to be installed on the WSUS Administration console as well.

After installing KB2734608 (remote or local), a reboot is required. Reboot the server and verify whether the issue still exists.

Verify that WSUS running on a Software Update Point is not configured to be a Replica. To check this, open the WSUS console on the Software Update Point and click Options in the console tree pane, then select Update Source and Proxy Server in the display pane.

Verify that the Update Services service is running on the WSUS server.

Verify that the Default Website or WSUS Administration website is running on the WSUS server.

Did this solve your problem?

Yes

No

0

Synchronization fails with “WSUS server not configured”

WSUS Configuration Manager (WCM) configures the WSUS server once every hour in order to ensure that the settings configured in WSUS match the setting specified in the Configuration Manager console. If WCM fails to configure the WSUS Server properly, synchronization attempts can fail with an error similar to the following:

You will also find the following error in the WsyncMgr.log file on the Site Server (located in \Logs):

Synchronization fails due to Authentication and Proxy Issues

Synchronization may fail due to authentication or proxy issues. When this occurs you will see an error similar to the following in the WCM.LOG file:

System.Net.WebException: The request failed with HTTP status 502

Note that the error may not always be HTTP status 502, and may in fact be one of the following:

HTTP Status 401 Unauthorized

HTTP Status 403 Forbidden

HTTP Status 407 Proxy Authentication Required

HTTP Status 502 Proxy Error

You could also see errors similar to the following:

No connection could be made because the target machine actively refused it

Authentication failed because the remote party has closed the transport stream

If you are seeing one of these errors, select it below.

HTTP Status 401 Unauthorized

HTTP Status 403 Forbidden

HTTP Status 407 Proxy Authentication Required

HTTP Status 502 Proxy Error

No connection could be made because the target machine actively refused it

Authentication failed because the remote party has closed the transport stream

My error is not listed

I do not see an error

0

Fixing authentication and proxy issues

Synchronization may be failing due to authentication and/or proxy issues. To verify, complete the following:

Verify that the Update Services service is running on the WSUS Server.

Verify that the Default Website or WSUS Administration website is running on the WSUS Server.

Verify that the fully qualified domain name (FQDN) for the software update point site system server is correct and accessible from the Site Server.

If the Software Update Point is remote from the Site Server, verify that you can connect to the WSUS Server from the Site Server. To do this, connect to the remote WSUS Server using the WSUS Administration Console.

Check the port settings configured for the Software Update Point and verify that they are the same as the port settings configured for the Web site used by WSUS running on the Software Update Point.

Verify that the proxy and account settings are properly configured for the Software Update Point:

Verify that the Software Update Point connection account is configured (if required) and that it has rights to connect to the WSUS Server.

Verify that the permissions on the ApiRemoting30 Virtual Directory are set correctly in IIS.

Synchronization fails due to Web Service issues

Synchronization may be failing due to issues with the Web service. When this occurs you will see an error similar to the following in the WCM.LOG file:

System.Net.WebException: The request failed with HTTP status 500

or

System.Net.WebException: The request failed with HTTP status 503

If you are seeing one of these errors, select it below.

HTTP Status 500 Internal Server Error

HTTP Status 503 Service Unavailable

My error is not listed

0

Fixing Web Service issues

When synchronization is failing due to issues with the Web Service, verify the following:

Verify that the Update Services service is running on the WSUS Server.

Verify that the Default Website or WSUS Administration website is running on the WSUS Server.

Check the port settings configured for the Software Update Point and verify that they are the same as the port settings configured for the Web site used by WSUS running on the Software Update Point.

Did this solve your problem?

Yes

No

0

Synchronization fails due to SSL Issues

Synchronization may be failing due to issues with SSL. If you are using SSL please verify the following:

Verify that the certificate configured for the WSUS website is configured with the proper FQDN. If the certificate doesn’t have the proper FQDN, refer to KB931351 for steps on adding a Subject Alternate Name to a certificate.